# Copyright (c) 2017 The Johns Hopkins University/Applied Physics Laboratory
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import logging
import sys

from kmip.core import enums
from kmip.demos import utils
from kmip.pie import client

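# Demo: create a base key on a KMIP server, then derive new objects from it
# with each derivation method shown below (PBKDF2, ENCRYPT, HMAC, HASH,
# NIST 800-108-C).
#
# SECURITY NOTE: every salt, IV, iteration count and derivation-data value
# below is a fixed constant embedded in the script. They look like
# test-vector style inputs (e.g. salt b'salt' with 4096 iterations of SHA-1)
# and are suitable only for exercising the API. Several calls also select
# legacy primitives (SHA-1, MD5, Blowfish, RC4). Do not copy these
# parameters into production key-derivation code.
if __name__ == '__main__':
    # Build a console logger at INFO level.
    logger = utils.build_console_logger(logging.INFO)

    # Build the CLI parser for the DeriveKey operation and parse arguments.
    parser = utils.build_cli_parser(enums.Operation.DERIVE_KEY)
    opts, args = parser.parse_args(sys.argv[1:])
    config = opts.config

    # Build the client and connect to the server. The connection object is
    # bound to `kmip_client` so that it does not rebind (shadow) the imported
    # `client` module for the rest of the script.
    with client.ProxyKmipClient(
            config=config,
            config_file=opts.config_file
    ) as kmip_client:
        # Create the base key used as input to every derivation below. Its
        # usage mask is limited to DERIVE_KEY, so it is not marked for
        # encryption or signing use.
        try:
            key_id = kmip_client.create(
                enums.CryptographicAlgorithm.AES,
                128,
                cryptographic_usage_mask=[
                    enums.CryptographicUsageMask.DERIVE_KEY
                ]
            )
            logger.info("Successfully created a new derivation key.")
            logger.info("Secret ID: {0}".format(key_id))
        except Exception as e:
            # Without the base key none of the derivations can run, so this
            # is the only failure that terminates the demo.
            logger.error(e)
            sys.exit(-1)

        # Each derivation below is best-effort: a failure is logged and the
        # demo moves on to the next method. The process exit status therefore
        # does not reflect individual derivation failures.

        # Derive a new symmetric key via PBKDF2.
        # NOTE: the salt is a hard-coded 4-byte constant, the hash is SHA-1
        # and the iteration count is 4096. Real deployments should use a
        # random per-derivation salt, a modern hash and a far higher
        # iteration count.
        # NOTE(review): 160 bits is not a standard AES key size - confirm
        # the target server accepts this length/algorithm pairing.
        try:
            secret_id = kmip_client.derive_key(
                enums.ObjectType.SYMMETRIC_KEY,
                [key_id],
                enums.DerivationMethod.PBKDF2,
                {
                    'cryptographic_parameters': {
                        'hashing_algorithm': enums.HashingAlgorithm.SHA_1
                    },
                    'salt': b'salt',
                    'iteration_count': 4096
                },
                cryptographic_length=160,
                cryptographic_algorithm=enums.CryptographicAlgorithm.AES
            )
            logger.info("Successfully derived a new secret via PBKDF2.")
            logger.info("Secret ID: {0}".format(secret_id))
        except Exception as e:
            logger.error(e)

        # Derive new secret data via encryption of the derivation data.
        # NOTE: the IV is a fixed constant and the cipher is Blowfish in CBC
        # mode. CBC needs an unpredictable IV per operation, and Blowfish's
        # 64-bit block size makes it a legacy choice; treat both as demo
        # values only.
        # NOTE(review): the base key is created as AES while the parameters
        # name BLOWFISH - confirm how the server resolves the algorithm.
        try:
            secret_id = kmip_client.derive_key(
                enums.ObjectType.SECRET_DATA,
                [key_id],
                enums.DerivationMethod.ENCRYPT,
                {
                    'cryptographic_parameters': {
                        'block_cipher_mode': enums.BlockCipherMode.CBC,
                        'padding_method': enums.PaddingMethod.PKCS5,
                        'cryptographic_algorithm':
                            enums.CryptographicAlgorithm.BLOWFISH
                    },
                    'initialization_vector': (
                        b'\xFE\xDC\xBA\x98\x76\x54\x32\x10'
                    ),
                    'derivation_data': (
                        b'\x37\x36\x35\x34\x33\x32\x31\x30'
                        b'\x4E\x6F\x77\x20\x69\x73\x20\x74'
                        b'\x68\x65\x20\x74\x69\x6D\x65\x20'
                        b'\x66\x6F\x72\x20\x00'
                    )
                },
                cryptographic_length=256
            )
            logger.info("Successfully derived a new secret via encryption.")
            logger.info("Secret ID: {0}".format(secret_id))
        except Exception as e:
            logger.error(e)

        # Derive a new symmetric key via HMAC (SHA-256) with a fixed salt
        # and fixed derivation data.
        # NOTE: the derived object is labelled as a 64-bit RC4 key. RC4 is
        # deprecated and 64 bits is far below current key-length guidance.
        try:
            secret_id = kmip_client.derive_key(
                enums.ObjectType.SYMMETRIC_KEY,
                [key_id],
                enums.DerivationMethod.HMAC,
                {
                    'cryptographic_parameters': {
                        'hashing_algorithm': enums.HashingAlgorithm.SHA_256
                    },
                    'derivation_data': (
                        b'\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF7'
                        b'\xF8\xF9'
                    ),
                    'salt': (
                        b'\x00\x01\x02\x03\x04\x05\x06\x07'
                        b'\x08\x09\x0A\x0B\x0C'
                    )
                },
                cryptographic_length=64,
                cryptographic_algorithm=enums.CryptographicAlgorithm.RC4
            )
            logger.info("Successfully derived a new secret via HMAC.")
            logger.info("Secret ID: {0}".format(secret_id))
        except Exception as e:
            logger.error(e)

        # Derive new secret data via a plain hash.
        # NOTE: MD5 is used here, and no salt or derivation data is passed,
        # so the only input to the derivation is the base key. MD5 should
        # not be chosen for new designs.
        try:
            secret_id = kmip_client.derive_key(
                enums.ObjectType.SECRET_DATA,
                [key_id],
                enums.DerivationMethod.HASH,
                {
                    'cryptographic_parameters': {
                        'hashing_algorithm': enums.HashingAlgorithm.MD5
                    }
                },
                cryptographic_length=128
            )
            logger.info("Successfully derived a new secret via hashing.")
            logger.info("Secret ID: {0}".format(secret_id))
        except Exception as e:
            logger.error(e)

        # Derive a new symmetric key via NIST 800-108 counter mode, using
        # SHA-1 and a fixed block of derivation data.
        try:
            secret_id = kmip_client.derive_key(
                enums.ObjectType.SYMMETRIC_KEY,
                [key_id],
                enums.DerivationMethod.NIST800_108_C,
                {
                    'cryptographic_parameters': {
                        'hashing_algorithm': enums.HashingAlgorithm.SHA_1
                    },
                    'derivation_data': (
                        b'\x8e\x34\x7e\xf5\x5d\x5f\x5e\x99'
                        b'\xea\xb6\xde\x70\x6b\x51\xde\x7c'
                        b'\xe0\x04\xf3\x88\x28\x89\xe2\x59'
                        b'\xff\x4e\x5c\xff\x10\x21\x67\xa5'
                        b'\xa4\xbd\x71\x15\x78\xd4\xce\x17'
                        b'\xdd\x9a\xbe\x56\xe5\x1c\x1f\x2d'
                        b'\xf9\x50\xe2\xfc\x81\x2e\xc1\xb2'
                        b'\x17\xca\x08\xd6'
                    )
                },
                cryptographic_length=128,
                cryptographic_algorithm=enums.CryptographicAlgorithm.AES
            )
            logger.info(
                "Successfully derived a new secret via NIST 800 108-C."
            )
            logger.info("Secret ID: {0}".format(secret_id))
        except Exception as e:
            logger.error(e)

        # NOTE: the base key and every derived object are left on the server
        # when the script ends; nothing here destroys them. Clean them up
        # separately if the demo is run against a shared server.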
